DETAILED ACTION
Information Disclosure Statement 

1. The examiner has considered the information disclosure statement filed 12
February 2007.

Claim Rejections - 35 USC § 112

2. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 1-9 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

4. Claim 1 recites that the server responds to the authentication request with a 
nonce, but then recites that the authentication request includes a hash of the nonce before it was
sent. It is unclear how the client hashes the nonce before it receives the nonce. 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

6. Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is
directed to non-statutory subject matter. A medium for carrying signals is not tangible, 
as it can include carrier waves for example. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which the subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 1-21, as best understood, are rejected under 35 U.S.C. 103(a) as being
unpatentable over Briscoe et al., USPub 2004/0187024 in view of Alkhatib et al., USPub 
2004/0249974. 

With regard to claims 1, 6, 10, 15, 19, and 20, Briscoe discloses an 
authentication protocol for increasing safety against a computer access attack for
point-to-point communication ([0010]), between a client computer and a server ([0002]), to
services in at least one of a network for data and telecommunication utilizing a 
challenge-response pattern ([0016]), including receiving from a client computer an 
authentication request containing a clients username to a server providing the services 
(secret signature), the server identifying the client computer IP address and a client 
password accessible by the server through the transmitted username (Fig 3) the server 
responding with an N byte nonce numerical value (issuing network entity [0045]), the
authentication request including a hash value of at least the parameters clients 
password, client computer unique IP address, server unique IP address, and the nonce 
value ([0045]) receiving the hash value from the client computer as an authenticator for 
accessing the services ([0046]) and the server reproducing the authenticator by utilizing 
the hash algorithm and the parameters clients accessible password, client computer 
unique IP address, server unique IP address, and the nonce value, comparing the 
reproduction with the transmitted authenticator, and granting an access to the server
and services if the reproduced authenticator matches the transmitted ([0064]). Briscoe 
does not teach using this protocol to prevent a man-in-the-middle attack. Further, 
Briscoe teaches using the same method for a client to verify the server ([0046]). 
Alkhatib discloses using a seed to thwart man-in-the-middle attacks ([0151], [0158]). 
The seed of Alkhatib is combined with the IP addresses in a similar manner as Briscoe. 
It would have been obvious for one of ordinary skill in the art to use the "cookie" of 
Briscoe to thwart the man-in-the-middle attack of Alkhatib since it is irreproducible by 
other parties, the stated motivation of Briscoe ([0046]). 

With regard to claims 2 and 11, Briscoe discloses using a time parameter to
create the nonce ([0046]), thus it will be different every time. 

With regard to claims 3 and 12, Briscoe discloses that the seed of the nonce is 
random ([0044]). 

With regard to claims 4, 5, 13, and 14, Briscoe discloses the nonce includes a
password (Ka) and a volatile value (timestamp) ([0046]). 

With regard to claims 7, 8, 16, and 17, Alkhatib discloses HMAC-Sha-1 is a 
known hash function ([0133]). It would have been obvious for one of ordinary skill in the 
art to use SHA-1 as the hash function of Briscoe since it is a widespread standard and 
secure. 

With regard to claims 9 and 18, Briscoe in view of Alkhatib discloses the protocol 
of claim 1, as outlined above, but does not disclose using salt. The examiner takes
official notice that using salt is well known in the art. It would have been obvious for one
of ordinary skill in the art to use salt in Briscoe to protect against dictionary attacks. 

With regard to claim 21, Briscoe in view of Alkhatib discloses the protocol of
claim 20, as outlined above, but does not disclose identifying an attacker. The examiner 
takes official notice that it is well known in the art to log attacks and attackers. It would
have been obvious for one of ordinary skill in the art to identify the attacker of Briscoe in 
view of Alkhatib to increase future security against the attacker. 

Conclusion 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jacob Lipman whose telephone number is 571-272-3837.
The examiner can normally be reached on M-Fr.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 